I get Layer 2 MAC routing, and I get Layer 3 IP routing in switches. I also understand Layer 4 TCP port routing, usually reserved for router devices instead of Layer 4 switches (but it could be in the L4 switches too).
What I'm having trouble with in designing a school's network is: what kind of router do I need to firewall/filter Layer 4 traffic if I have 10 Gbps links to multiple servers across 4 VLANs?
E.g., if the Layer 3 switches are offloading the 10 Gbps VLAN and IP subnet routing within their hardware at wire speed, but I want to restrict certain ports on certain IP devices, does this mean I need to route those VLANs over the "trunk", all to the single router, to allow/deny the ports across the VLANs?
Wouldn't that mean the router is now my bottleneck across those VLANs for the TCP port restrictions? Say I had only a single 1 Gbps link between the router and the switch(es)/VLANs: that would mean all cross-VLAN traffic that I want to limit TCP ports for must go through the router's interface.
I have 2 Brocade L3 switches I am starting to run drops for and program, but I haven't decided on a router yet. I was thinking of a MikroTik RouterBoard.
So... Is this why we want multiple inputs into a single router? So with 4 VLANs, I'd want 4 links into my router, so each VLAN gets its own dedicated uplink/trunk for bandwidth.
With that said, am I correct in assuming that to keep 10 Gbps bandwidth between VLANs, I'd need a router with multiple 10 Gbps ports?
I was actually thinking of the MikroTik RB4011 series with a single 10 Gbps port for the single trunk uplink from the switches. That would be better than 4x1 Gbps links (and easier to program).
Thanks for your time!
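The per-port, per-host restriction the post describes, written out as a small first-match ACL evaluator. This is an added example, not code from the post or from either vendor mentioned; the VLAN numbers, subnets, hosts and rules below are constructed for illustration. It shows what the filter decision actually consists of (protocol, source, destination, destination port; first match wins; implicit deny at the end), which is the same decision whether a router or a hardware ACL on a Layer 3 switch enforces it, and it includes a check for rules that are shadowed by an earlier, broader rule, which is a common way a port restriction silently stops applying.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed VLAN plan for this example (hypothetical addressing, not from the post).
VLANS = {
    10: ("students", ip_network("10.10.0.0/24")),
    20: ("staff",    ip_network("10.20.0.0/24")),
    30: ("servers",  ip_network("10.30.0.0/24")),
    40: ("mgmt",     ip_network("10.40.0.0/24")),
}

# Constructed ACL in a generic "action proto src dst [eq port]" syntax.
# Evaluation is stateless and in order: the first matching line decides.
ACL_TEXT = """
deny   tcp 10.10.0.0/24 10.30.0.0/24  eq 445   # students: no SMB to any server
permit tcp 10.10.0.0/24 10.30.0.10/32 eq 443   # students: HTTPS to the web server only
permit udp any          10.30.0.53/32 eq 53    # everyone: DNS
permit ip  10.20.0.0/24 10.30.0.0/24           # staff: anything to the server VLAN
deny   tcp 10.20.0.0/24 10.30.0.0/24  eq 23    # staff: no telnet (shadowed by the line above!)
permit ip  10.40.0.0/24 any                    # mgmt VLAN: unrestricted
deny   ip  any          any                    # explicit catch-all
"""


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    proto: str               # "tcp", "udp" or "ip" (ip = any protocol)
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]     # None means any destination port

    def matches(self, proto: str, src: IPv4Address, dst: IPv4Address, dport: Optional[int]) -> bool:
        if self.proto != "ip" and self.proto != proto:
            return False
        if src not in self.src or dst not in self.dst:
            return False
        return self.dport is None or self.dport == dport

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` would already be matched by self."""
        proto_ok = self.proto == "ip" or self.proto == other.proto
        port_ok = self.dport is None or self.dport == other.dport
        return (proto_ok and port_ok
                and self.src.supernet_of(other.src)
                and self.dst.supernet_of(other.dst))


def parse_rule(line: str) -> Rule:
    """Parse 'permit|deny <tcp|udp|ip> <src> <dst> [eq <port>]'; 'any' is 0.0.0.0/0."""
    tokens = line.split("#")[0].split()
    if len(tokens) not in (4, 6):
        raise ValueError(f"bad rule: {line!r}")
    action, proto, src, dst = tokens[:4]
    if action not in ("permit", "deny") or proto not in ("tcp", "udp", "ip"):
        raise ValueError(f"bad rule: {line!r}")
    dport = None
    if len(tokens) == 6:
        if tokens[4] != "eq":
            raise ValueError(f"bad rule: {line!r}")
        dport = int(tokens[5])

    def to_net(s: str) -> IPv4Network:
        return ip_network("0.0.0.0/0") if s == "any" else ip_network(s, strict=False)

    return Rule(action, proto, to_net(src), to_net(dst), dport)


def load_acl(text: str) -> List[Rule]:
    lines = [l for l in text.strip().splitlines() if l.split("#")[0].strip()]
    return [parse_rule(l) for l in lines]


def evaluate(acl: List[Rule], proto: str, src: str, dst: str, dport: Optional[int]) -> Tuple[str, Optional[int]]:
    """First matching rule wins; a flow matching nothing hits the implicit deny (index None)."""
    s, d = ip_address(src), ip_address(dst)
    for i, rule in enumerate(acl):
        if rule.matches(proto, s, d, dport):
            return rule.action, i
    return "deny", None


def shadowed_rules(acl: List[Rule]) -> List[Tuple[int, int]]:
    """(shadowed index, shadowing index) pairs: rules that can never match."""
    out = []
    for j, rule in enumerate(acl):
        for i in range(j):
            if acl[i].covers(rule):
                out.append((j, i))
                break
    return out


def vlan_of(ip: str) -> Optional[int]:
    addr = ip_address(ip)
    for vid, (_, net) in VLANS.items():
        if addr in net:
            return vid
    return None


ACL = load_acl(ACL_TEXT)

if __name__ == "__main__":
    flows = [("tcp", "10.10.0.5", "10.30.0.10", 445), ("tcp", "10.10.0.5", "10.30.0.10", 443),
             ("tcp", "10.20.0.7", "10.30.0.11", 23), ("udp", "10.10.0.5", "10.30.0.53", 53)]
    for proto, src, dst, port in flows:
        action, idx = evaluate(ACL, proto, src, dst, port)
        print(f"VLAN {vlan_of(src)} -> VLAN {vlan_of(dst)} {proto}/{port}: {action} (rule {idx})")
    for j, i in shadowed_rules(ACL):
        print(f"rule {j} is shadowed by rule {i} and will never match")
```

Two things worth noticing when running it: the staff "no telnet" line never fires because the broader permit above it already matches, and every decision here is one-directional. A stateless ACL like this one only judges the forward packet, so return traffic needs its own permitted path (many switch platforms add an "established" style match for that), whereas a stateful firewall tracks the connection and allows replies automatically.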